I am able to hide the userPassword and any other single/unique fields on a
query, but I cannot figure out the pwdHistory and how to disable it from
anonymous queries. I keep getting syntax errors and am unsure what the syntax
is.
This works for userPassword, but fails when I replace or add pwdHistory:
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
Here is what my query looks like:
/usr/bin/ldapsearch -h 1.2.3.4 -x -b 'ou=People,dc=company,dc=com' \
        '(uid=myuser)' '*' '+'
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=copmany,dc=com> with scope subtree
# filter: (uid=myuser)
# requesting: * +
#
# myuser, People, company
dn: uid=myuser,ou=People,dc=company,dc=com
uidNumber: 31518
gidNumber: 100
shadowExpire: 99999
shadowMax: 90
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uid: myuser
pwdHistory: 20180718212202Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}bTWu9btdOzp
pwdHistory: 20181015214815Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}Ys8LvXcdnsr
pwdHistory: 20181016164512Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}nQLIieWGwt7
pwdHistory: 20190114155333Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}j3d+hxGalnC
pwdHistory: 20190412183313Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}7r2E2DdryKa
pwdHistory: 20190412185409Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}ZbqMWB0x4v+
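
A way to check whether an anonymous search like the one above still returns password material, as an added example that is not part of the original post. The function names are hypothetical, the sample LDIF is constructed with placeholder hash text, and the pwdHistory layout (time#syntaxOID#length#data) is taken from the output shown above.

```python
import base64
import re

SENSITIVE = {"userpassword", "pwdhistory"}  # attributes the post wants hidden
# Constructed sample: one folded value and one base64 ("::") value.
_B64 = base64.b64encode(
    b"20190412183313Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}PLACEHOLDER").decode()
SAMPLE = ("dn: uid=myuser,ou=People,dc=company,dc=com\n"
          "uid: myuser\n"
          "pwdHistory: 20180718212202Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}PLACE\n"
          " HOLDER\n"
          "pwdHistory:: " + _B64 + "\n")

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_pwd_history(value):
    """Split time#syntaxOID#length#data; return None if the value is malformed."""
    parts = value.split("#", 3)
    if len(parts) != 4 or not parts[2].isdigit():
        return None
    m = re.match(r"\{([^}]+)\}", parts[3])
    return {"changed": parts[0], "syntax": parts[1],
            "length": int(parts[2]), "scheme": m.group(1) if m else None}

def exposed_attributes(ldif_text):
    """Return (dn, attribute, detail) for every sensitive value in the output."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attr = name.split(";")[0].lower()  # drop attribute options, ignore case
        if attr == "dn":
            dn = value
        elif attr in SENSITIVE:
            detail = parse_pwd_history(value) if attr == "pwdhistory" else None
            findings.append((dn, attr, detail))
    return findings
```

Feed it the text of an anonymous ldapsearch run, for example exposed_attributes(sys.stdin.read()); an empty list means neither attribute came back.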